Chris I just found out that this was captured using tshark.....but nobody knows what the snaplen was.
So my questions is.... My code is working correctly then....And that this was just a bad judgment of the wrong snaplen......correct..?? Thanks, Brian Maynard, Chris wrote: > "Packet Size limited during capture" tells me that the packet was bigger than > the snaplen set, so the packet was truncated when captured. In Wireshark, > the snaplen is set in the capture options dialog using the "Limit each packet > to ___ bytes" option, and with dumpcap, tshark and tcpdump it is set via the > "-s <snaplen>" option. If not specified, tcpdump uses a default snaplen of > 68 (or 96, depending on the platform). Which program did you use to capture > the packets and what was the value of the snaplen vs. what was the expected > number of bytes for the packet in question? > > Too bad the snaplen information isn't available through capinfos, but you can > find out the snaplen via Wireshark's Statistics -> Summary window, listed as > "Packet size limit". > > - Chris > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Mike Morrin > Sent: Monday, March 22, 2010 2:59 AM > To: Developer support list for Wireshark > Subject: Re: [Wireshark-dev] Packet Size limited during capture message > > > When I run a pcap file with my dissector in place wireshark crashes > (win32.dll error). > > But I was able to run the pcap file and stop the loading process before > it crashed and one thing that I noticed > was in the info column it said "Packet Size limited during capture". > > I never saw this before...does anybody know what this means..?? Could > this be why it was crashing..?? > > MM- I have seen "Packet Size limited during capture" due to a bug where > a dissector assumed that a PDU always had a data segment at the end, but > occasionally one didn't. That would not directly cause your crash, you > probably have 2 bugs. > > Try running with a breakpoint in do_throw() (around line 182 in except > .c), on a trace that has only the packet(s) that cause the problem. > > > > CONFIDENTIALITY NOTICE: The contents of this email are confidential > and for the exclusive use of the intended recipient. If you receive this > email in error, please delete it from your system immediately and > notify us either by email, telephone or fax. You should not copy, > forward, or otherwise disclose the content of the email. > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe > ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
